ACK/Cmnt: [SRU][F:linux-bluefield][PATCH 0/5] Control nf flow table timeouts
bodong at nvidia.com
Tue Jul 6 17:21:34 UTC 2021
On 7/6/2021 2:33 AM, Stefan Bader wrote:
> On 01.07.21 22:38, Bodong Wang wrote:
>> TCP and UDP connections may be offloaded from nf conntrack to nf flow
>> Offloaded connections are aged after 30 seconds of inactivity.
>> Once aged, ownership is returned to conntrack with a hard coded tcp/udp
>> pickup time of 120/30 seconds, after which the connection may be
>> The current hard-coded pickup intervals may introduce a very aggressive
>> aging policy. For example, offloaded tcp connections in established
>> will timeout from nf conntrack after just 150 seconds of inactivity,
>> instead of 5 days. In addition, the hard-coded 30 second offload timeout
>> period can significantly increase the hardware insertion rate
>> in some use cases.
>> This patchset provides the user with the ability to configure protocol
>> specific offload timeout and pickup intervals via sysctl.
>> The first and second patches revert the existing non-upstream solution.
>> The next two patches introduce the sysctl configuration for tcp and udp
>> The last patch modifies nf flow table aging mechanisms to use the
>> time intervals.
>> Oz Shlomo (5):
>> Revert "UBUNTU: SAUCE: net/sched: Add module parameter to set CT age
>> out time"
>> Revert "UBUNTU: SAUCE: netfilter: flowtable: Control flow timeout
>> (upstream) netfilter: conntrack: Introduce tcp offload timeout
>> (upstream) netfilter: conntrack: Introduce udp offload timeout
>> (upstream) netfilter: flowtable: Set offload timeouts according to
>> proto values
>> include/net/netfilter/nf_flow_table.h | 10 ++-----
>> include/net/netns/conntrack.h | 8 +++++
>> net/netfilter/nf_conntrack_proto_tcp.c | 5 ++++
>> net/netfilter/nf_conntrack_proto_udp.c | 5 ++++
>> net/netfilter/nf_conntrack_standalone.c | 46
>> net/netfilter/nf_flow_table_core.c | 53
>> net/netfilter/nf_flow_table_offload.c | 5 ++--
>> net/sched/act_ct.c | 5 ----
>> 8 files changed, 106 insertions(+), 31 deletions(-)
> The 3 new patches are upstream picks, in that case the commit message
> should be exactly like upstream (no "(upstream)" annotation). This can
> be fixed while applying, though.
> Acked-by: Stefan Bader <stefan.bader at canonical.com>
Those 3 patches are only merged to the maintainer's tree. According to
Kernel/Dev/StablePatchFormat - Ubuntu Wiki
<https://wiki.ubuntu.com/Kernel/Dev/StablePatchFormat>, it's needed. Do
we need to follow it?
This patch is either developed by an Ubuntu kernel developer or is taken
from an upstream maintainers tree and is expected to eventually be
replaced by a patch from a mainline tree.